<?php
	session_start();
	/**
	*@package ParkFind
	*@desc Page for editing user in the database.
	*/
	// Direct calling check
	if (!isset($_POST["submit"]))	
		die ("Do not call this page directly");
	
	
	if($_POST["submit"] == "Cancel")
	{
		header("Location: profile.php");
		exit();
	}


	// Get variable
	$user_id = $_SESSION["user_id"];
	
	//make array to hold error
	$_SESSION["errors"] = array();

	/**
	* @desc This include file connects to the database.
	*/
	require 'includes/connect.inc';
	
	//validate first name
	$fname = $_POST['fname'];
	if(!empty($fname))
	{
		if(!preg_match('/^[a-zA-Z\s]+$/', $fname))
			$_SESSION["errors"]["fname"] = "Only letters allowed";
		else if(strlen($name) > 30)
			$_SESSION["errors"]["fname"] = "Maximum 30 characterers";
	}
	else
		$_SESSION["errors"]["fname"] = "Field cannot be empty";
		
	//validate last name
	$lname = $_POST['lname'];
	if(!empty($lname))
	{
		if(!preg_match('/^[a-zA-Z\s]+$/', $lname))
			$_SESSION["errors"]["lname"] = "Only letters allowed";
		else if(strlen($name) > 30)
			$_SESSION["errors"]["lname"] = "Maximum 30 characterers";
	}
	else
		$_SESSION["errors"]["lname"] = "Field cannot be empty";
	
	// Email validation
	$email = $_POST['email'];
	if (!empty($email))
	{
		if (!preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/', $email))
			$_SESSION["errors"]["email"] = "Email not a valid format";
		else if (strlen($email) > 50)
			$_SESSION["errors"]["email"] = "Maximum 50 characters";	
	}
	else
		$_SESSION["errors"]["email"] = "Email is empty";
	
	//validate passwords
	$newpass = $_POST['newpassword'];
	if(!empty($newpass))
	{
		if(strlen($newpass) > 20)
			$_SESSION["errors"]["newpass"] = "Maximum 20 characters";
		else
		{
			$oldpass = $_POST['password'];
			if(empty($oldpass))
				$_SESSION["errors"]["pass"] = "Type old password";
			else
			{
				//getting old password
				$pass = "SELECT password FROM users WHERE user_id = $user_id";
				
				$result = mysql_query($pass, $connection);
				$row = mysql_fetch_array($result);
				if($row['password'] != md5($oldpass))
					$_SESSION["errors"]["pass"] = "Wrong password";
				else
					$new = true;
			}
		}
	}
	
	if(count($_SESSION["errors"]))
	{
		header('Location: profileaction.php?action=edit');
		exit();
	}
	
	$update = "UPDATE users SET firstname = '$fname', lastname = '$lname', email = '$email'";
	if($new)
	{
		$password = md5($newpass);
		$update = $update.", password = '$password' WHERE user_id = $user_id";
	}
	else
		$update = $update." WHERE user_id = $user_id";

	updateuser($user_id, $update);

	mysql_close($connection);	

	header("Location: profile.php");
	exit();
	
	/**
	*@desc Edits the user information inside the database
	*@param string $user_id
	*@param string $userupdate
	*/
	function updateuser($user_id, $userupdate)
	{
		global $connection;
		
		//prepare queries
		$updateuser = $userupdate;
		
		//run query
		if (!$result = mysql_query ($updateuser, $connection))
			die("Failed to update USER");
	}
	
	
?>